DandelionNStuff/dkimpy-smtputf8
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Invalid Authentication-Results header fields are ignored for ARC signing

Browse Source 
(LP: #1884044)
This commit is contained in:
Scott Kitterman
2023-02-25 17:10:17 -05:00
parent b74452d9da
commit 2115a5e9f8
3 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ChangeLog
+2
View File
@@ -17,6 +17,8 @@ Version 1.1.0
installed (LP: #1954331) - see README.md for details installed (LP: #1954331) - see README.md for details
- Add new dkim.DnsTimeoutError class to report queried domain and selector - Add new dkim.DnsTimeoutError class to report queried domain and selector
along with timeout error from dnspython (LP: #1873449) along with timeout error from dnspython (LP: #1873449)
- Invalid Authentication-Results header fields are ignored for ARC signing
(LP: #1884044)
2019-12-31 Version 1.0.2 2019-12-31 Version 1.0.2
- dknewkey: On posix operating systems set file permissions to 600 for - dknewkey: On posix operating systems set file permissions to 600 for
README.md
+3
View File
@@ -176,6 +176,9 @@ https://tools.ietf.org/html/rfc8617
In addition to arcsign and arcverify, the dkim module now provides In addition to arcsign and arcverify, the dkim module now provides
arc_sign and arc_verify functions as well as an ARC class. arc_sign and arc_verify functions as well as an ARC class.
If an invalid authentication results header field is included in the set for
ARC, it is ignored and no error is raised.
Both DKIM ed25519 and ARC are now considered stable (no longer experimantal). Both DKIM ed25519 and ARC are now considered stable (no longer experimantal).
## ASYNC SUPPORT ## ASYNC SUPPORT
dkim/__init__.py
+12 -6
View File
@@ -45,7 +45,7 @@ USE_ASYNC = True
# only needed for arc # only needed for arc
try: try:
from authres import AuthenticationResultsHeader import authres
except ImportError: except ImportError:
pass pass
@@ -1037,10 +1037,10 @@ class ARC(DomainSigner):
self.add_should_not(('Authentication-Results',)) self.add_should_not(('Authentication-Results',))
# check if authres has been imported # check if authres has been imported
try: try:
AuthenticationResultsHeader authres.AuthenticationResultsHeader
except: except:
self.logger.debug("authres package not installed") self.logger.debug("authres package not installed")
raise AuthresNotFoundError raise authres.AuthresNotFoundError
try: try:
pk = parse_pem_private_key(privkey) pk = parse_pem_private_key(privkey)
@@ -1049,8 +1049,14 @@ class ARC(DomainSigner):
# extract, parse, filter & group AR headers # extract, parse, filter & group AR headers
ar_headers = [res.strip() for [ar, res] in self.headers if ar == b'Authentication-Results'] ar_headers = [res.strip() for [ar, res] in self.headers if ar == b'Authentication-Results']
grouped_headers = [(res, AuthenticationResultsHeader.parse('Authentication-Results: ' + res.decode('utf-8')))
for res in ar_headers] grouped_headers = []
for res in ar_headers:
try: # see LP: #1884044
grouped_headers.append((res, authres.AuthenticationResultsHeader.parse('Authentication-Results: ' + res.decode('utf-8'))))
except authres.core.SyntaxError:
# Skip over invalid AR header fields
pass
auth_headers = [res for res in grouped_headers if res[1].authserv_id == srv_id.decode('utf-8')] auth_headers = [res for res in grouped_headers if res[1].authserv_id == srv_id.decode('utf-8')]
if len(auth_headers) == 0: if len(auth_headers) == 0:
@@ -1064,7 +1070,7 @@ class ARC(DomainSigner):
auth_results = srv_id + b'; ' + (b';' + self.linesep + b' ').join(results) auth_results = srv_id + b'; ' + (b';' + self.linesep + b' ').join(results)
# extract cv # extract cv
parsed_auth_results = AuthenticationResultsHeader.parse('Authentication-Results: ' + auth_results.decode('utf-8')) parsed_auth_results = authres.AuthenticationResultsHeader.parse('Authentication-Results: ' + auth_results.decode('utf-8'))
arc_results = [res for res in parsed_auth_results.results if res.method == 'arc'] arc_results = [res for res in parsed_auth_results.results if res.method == 'arc']
if len(arc_results) == 0: if len(arc_results) == 0:
chain_validation_status = CV_None chain_validation_status = CV_None